Activities

Since we can now query the status of a payment (instead of having cookies set on /pay), it is pretty easy to do payments from a Single Page App without destroying state by opening the payment_redirect_url in a new tab/window.

We still might re-add a JS-based API for synchronous payments in the future, since:
* it might provide nicer user experience than opening a tab/window by using browser-specific APIs (such as W3C payment handler/requests)
* the developer experience might be nicer

However in order to implement the latter part, the backend might have to expose APIs to the browser that right now only the frontend server has access to, such as querying the status of a payment (paid, not paid, refunded) based on an order id.

It is probably not desirable to expose such an API to the public by default. Maybe the frontend can proxy these requests to the backend, but then we need to make sure we still have a nice API where we don't need to pass a slew of URLs around.